package com.fy.config;

import com.fy.filter.JwtVerifyFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity/*(debug = true)*/ //开启security 的过滤器
@EnableGlobalMethodSecurity(prePostEnabled = true) //开启注解
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/swagger-ui.html", "/webjars/**", "/swagger-resources/**","/swagger-ui.html/**", "/v2/**","/csrf");
    }

    /**
         * 配置http请求的规则
         * 配置：
         * 哪些请求需要登录，哪些请求无需登录
         * 哪些请求需要哪些角色和权限
         *
         * 自定义登录
         * 自定义退出登录
         * @param http
         * @throws Exception
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            //哪些请求需要登录，哪些请求无需登录
            //除了/user/login不需要登录，请求请求都需要登录
            http.authorizeRequests()
                    .antMatchers("/user/login", "/user/verify")
                    .permitAll()
                    .anyRequest()
                    .authenticated();

            http.csrf().disable();

            //跨域放行
            http.cors();

            //将 JwtVerifyFilter 放入过滤器链中
            http.addFilter(new JwtVerifyFilter(authenticationManager()));
        }
}
